Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: snort under high density traffic

From: Edin Dizdarevic <edin.dizdarevic () interActive-Systems de>
Date: Thu, 14 Aug 2003 13:50:24 +0200


Mehmet Ersan TOPALOGLU wrote:
[...]

the results are around the same values. In first tries i was using snort v1.9
and libpcap v0.7 but after the advise of Erek Adams i upgrade to snort 2.0.1
and patched verison of libpcap 0.8.


And how is it working now? You mean even _after_ upgrading to Snort 2 you still
have the same, wrong statistics?

My experience is that the statistics in Snort 2 are quite reliable, in Snort 1.9
not. I may do some checks. As far as I can recall my Snort 1.9 tests, the
statistics were fine only if Snort did not loose any packets.

Are you able to share your tcpdump files you are using with tcpreplay so I can
test it with my 64bit machines?



I hope i could explain the situation.

Thanks in advance



Regards,

Edin

-- 
Edin Dizdarevic



-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: